Classification of SSL certificates

SSL certificates are electronic documents that provide a secure connection via the SSL protocol for communication between the client and the server, and also serve to build / maintain the trust to the web-site / domain.

As you can tell by the number of SSL certificates available on our site only, there are quite many different SSL certificates on the market. In this article we'll try to understand what types of SSL certificates exist.

SSL certificates can be classified by the following criteria: issuing authority; validation type, and certificate properties / functions.

Self-signed SSL certificates

In fact, you can generate an SSL certificate by yourself. You can even do it using control panels available for our hosting, VPS and dedicated server plans. Such SSL certificates are named self-signed SSL certificates. They even successfully perform the task of encrypting the data transmitted between the client's machine and the server.

However, self-signed SSL certificates have a significant disadvantage that prevents them from being used when working with clients - when the client connects to the website through https, secured by a self-signed SSL certificate, the browser will not be able to identify the issuer and will display a warning saying the connection is untrusted and the website is potentially fraudulent. For example, the message looks like this in the Google Chrome browser:

It seems, seeing a message like that, the customer will hardly continue his operation, not to mention completing operations involving providing personal information or making payments online.

Thus, self-signed certificates are suitable for indoor use at most.

SSL certificates issued by certification authorities

Such SSL certificates also perform the function of providing a secure connection. However, due to having been issued by a recognized and trusted certification authority (such as the companies VeriSign, Thawte, Comodo, for example), do not cause the browser to show an error / unsafe connection warning.

Secondly, such SSL certificates allow for a much greater degree of confidence towards the website by visitors since using an SSL certificate from a certification authority implies the fact the website and the owner have been identified and verified at least to some degree. At a minimum, the fact that the person requesting the certificate manages the website, is verified.

Depending on the type of the certificate, verification of the organization that manages the domain / website may be required as well, including verification of the organizations's registration / incorporation documents, public contact information, etc.

SSL certificates by validation type

Global certification authorities issue various SSL certificates that differ from one another in the degree of validation of the domain / website owner. You can view choice of SSL certificates from various vendors by following the links: Comodo SSL, VeriSign SSL, Geotrust SSL, Thawte SSL, RapidSSL.

So, there are the following types of certificates depending on the level of validation:

• Basic or Domain Validation (DV) SSL certificates

• Organization Validation (OV) SSL certificates

• Extended verification SSL certificates (EV SSL) + green bar.

Basic SSL certificates (DV, domain validation)

DV SSL certificates only confirm the fact that the certificate is issued to a person who has control over the website and the domain name. Domain Validation SSL certs provide a secure connection, confirm the fact that information is exchanged with the website with which this exchange has been initiated, and not with a third party web-site.

Before such a certificate is issued, information about the person / organization who owns the site is requested, however the information is not verified by the certification authority. For example,a copy of an identity card or company incorporation documents are not required to receive a DV SSL certificate.

DV certificates are the most inexpensive SSL certificates. For example, it's possible to buy a Comodo Positive SSL for just $10 USD.

A basic DV SSL certificate provides a greater protection for the website than no SSL certificate at all anyway. Using basic SSL certificates does not provoke a warning in the browser regarding an unprotected and non-trusted connection, but if the certificate is viewed, it says no identification data on the domain is available.

VD SSL certificates are issued by the certificate authority within 1-48 hrs. For instance, Comodo Positive SSL is issued within 1 hour.

This type of SSL certificates is suitable for personal projects or for organization that only start their activity online.

Organization validation SSL certificates (OV)

This type of SSL certificate is issued only to legal entities, individuals can not use OV SSL certificates.

To obtain an Organization Validation SSL certificate, you must provide certain information to the certification center. The requested information may vary depending on the issuing CA (certification authority), but generally, the following information is requested:

• The organization's name, address, contact information

• Incorporation / registration documents

• Documents confirming the current address of the organization (such as a utility bill)

• Another requirement is that the contact information on the organization coincides with that available on public resources and directories. That is, what public yellow pages say is the company's phone number and address has to coincide with what the ordered SSL certificate says. If there is no information on the company / organization in public directories, it has to be added. This is a requirement by Comodo, for instance.

Organization validation SSL certificates are issued within 3-10 working days by the certification authority.

Using SSL certificates with organization validation allows to create and maintain a positive image for the website not only a secure connection is used, but also due to the fact that the vistitors deal with an organization / company with open and verified information. It's always good to know that the payment or personal information sent by the user goes to a trustworthy entity.

SSL certificates with extended validation and green bar (EV).

This type of certificates is designed to provide maximum confidence in the entity that owns an Internet resource.

To obtain an SSL certificate with extended validation the owner must provide the same information as for OV (Organization validation) certificates.

However, in the case of EV certificates the issuing CA (certification authority) produces a more thorough check of the organization under strictly regulated and standardized procedure before issuing an EV SSL certificate.

Particularly, the CA:

• Must check the legal, physical and operational activities of the entity requesting the certificate.

• Must verify that the entity's official documents.

• Must ensure that the entity / person has the exclusive right to use the domain specified in the EV certificate.

• Must make sure that the entity / person is fully authorized to request an EV certificate issuance.

Extended validation certificates are issued within 10-14 working days.

These certificates are used by biggest and leading companies / organizations in the world, are part of their image.

SSL certificates by properties / functions

DV SSL certificates / OV - EV certificates

This is the most common type of certificates. They protect a single domain. Basic DV SSl certificates are issued automatically, organization / extended validation involve identifying the domain owner - see descriptions above (SSL certificates by validation type).

Wildcard Certificates

Wildcard SSL Certificates allow you to use one certificate to confirm and protect multiple subdomains under one domain name. For example, if you are using such a subdomain as billing.yourcompany.com, a Wildcard SSL certificate is a good choice for your web project.

SAN SSL certificates

SAN SSL certificates allow you to use one SSL certificate for multiple domains hosted on one web-server. It is usually possible to use this type of certificate for 5 domains simultaneously. With a larger number of domains on one server, you can increase the number of domains covered by one certificate by 5. I.e. 5 +5 +5 ... as the number of domains grows.

List available on our website SAN SSL Certificates - at the moment such certificates are not offered due to the fact that the total cost of one SAN certificate exceeds the cost of individual certificates for each domain.

SGC SSL certificates

This type of certificates is designed to increase the encryption level of connections made by the browser. In fact, SGC SSL certificates are required only when very old browsers that do not support 128-bit encryption are used. In general, the usefulness of this type of SSL certificates, especially in regard to their cost, is questioned. Anyway, SGC SSL certificates also exist.

SSL certificates with IDN (Internationalized Domain Names) support

Due to the fact that the use of internationalized domain names (domain names that contain non-Latin characters, or special characters, such as accented characters) is gaining popularity and spread, support for this kind of domain names by SSL certificates becomes essential.

The following types of SSL certificates available on the website support IDN: